Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1168)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/path_builder_pkits_unittest.cc

Issue 2907353002: Update PKITs test data to include "user_constrained_policy_set". (Closed)
Patch Set: re-run generator script Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/internal/nist_pkits_unittest.cc ('k') | net/cert/internal/verify_certificate_chain_pkits_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/path_builder_pkits_unittest.cc
diff --git a/net/cert/internal/path_builder_pkits_unittest.cc b/net/cert/internal/path_builder_pkits_unittest.cc
index 81eceeef37b629ce975c54934dcaa355a3f3891f..5b14575ea91eb9b77aa513114dae8edca7a99b0f 100644
--- a/net/cert/internal/path_builder_pkits_unittest.cc
+++ b/net/cert/internal/path_builder_pkits_unittest.cc
@@ -51,25 +51,19 @@ namespace {
class PathBuilderPkitsTestDelegate {
public:
- static bool Verify(std::vector<std::string> cert_ders,
- std::vector<std::string> crl_ders,
- const PkitsTestSettings& settings) {
- if (cert_ders.empty()) {
- ADD_FAILURE() << "cert_ders is empty";
- return false;
- }
+ static void RunTest(std::vector<std::string> cert_ders,
+ std::vector<std::string> crl_ders,
+ const PkitsTestInfo& info) {
+ ASSERT_FALSE(cert_ders.empty());
ParsedCertificateList certs;
for (const std::string& der : cert_ders) {
CertErrors errors;
- if (!ParsedCertificate::CreateAndAddToVector(
- bssl::UniquePtr<CRYPTO_BUFFER>(CRYPTO_BUFFER_new(
- reinterpret_cast<const uint8_t*>(der.data()), der.size(),
- nullptr)),
- {}, &certs, &errors)) {
- ADD_FAILURE() << "ParseCertificate::CreateAndAddToVector() failed:\n"
- << errors.ToDebugString();
- return false;
- }
+ ASSERT_TRUE(ParsedCertificate::CreateAndAddToVector(
+ bssl::UniquePtr<CRYPTO_BUFFER>(
+ CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(der.data()),
+ der.size(), nullptr)),
+ {}, &certs, &errors))
+ << errors.ToDebugString();
}
// First entry in the PKITS chain is the trust anchor.
// TODO(mattm): test with all possible trust anchors in the trust store?
@@ -86,18 +80,15 @@ class PathBuilderPkitsTestDelegate {
SimpleSignaturePolicy signature_policy(1024);
- // Run all tests at the time the PKITS was published.
- der::GeneralizedTime time = {2011, 4, 15, 0, 0, 0};
-
CertPathBuilder::Result result;
CertPathBuilder path_builder(std::move(target_cert), &trust_store,
- &signature_policy, time, KeyPurpose::ANY_EKU,
- &result);
+ &signature_policy, info.time,
+ KeyPurpose::ANY_EKU, &result);
path_builder.AddCertIssuerSource(&cert_issuer_source);
path_builder.Run();
- return result.HasValidPath();
+ ASSERT_EQ(info.should_validate, result.HasValidPath());
}
};
@@ -113,7 +104,10 @@ TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo,
"ValidDSASignaturesTest4EE"};
const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL"};
// DSA signatures are intentionally unsupported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.1.5 Valid DSA Parameter Inheritance Test5
@@ -125,7 +119,10 @@ TEST_F(PkitsTest01SignatureVerificationCustomPathBuilderFoo,
const char* const crls[] = {"TrustAnchorRootCRL", "DSACACRL",
"DSAParametersInheritedCACRL"};
// DSA signatures are intentionally unsupported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
class PkitsTest13SignatureVerificationCustomPathBuilderFoo
@@ -140,7 +137,10 @@ TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
const char* const crls[] = {"TrustAnchorRootCRL",
"nameConstraintsRFC822CA1CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.23 Valid RFC822 nameConstraints Test23
@@ -152,7 +152,10 @@ TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
const char* const crls[] = {"TrustAnchorRootCRL",
"nameConstraintsRFC822CA2CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.25 Valid RFC822 nameConstraints Test25
@@ -164,7 +167,10 @@ TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
const char* const crls[] = {"TrustAnchorRootCRL",
"nameConstraintsRFC822CA3CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.27 Valid DN and RFC822 nameConstraints Test27
@@ -177,7 +183,10 @@ TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsDN1CACRL",
"nameConstraintsDN1subCA3CRL"};
// Name constraints on rfc822Names are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.34 Valid URI nameConstraints Test34
@@ -188,7 +197,10 @@ TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
"ValidURInameConstraintsTest34EE"};
const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI1CACRL"};
// Name constraints on uniformResourceIdentifiers are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
// Modified version of 4.13.36 Valid URI nameConstraints Test36
@@ -199,7 +211,10 @@ TEST_F(PkitsTest13SignatureVerificationCustomPathBuilderFoo,
"ValidURInameConstraintsTest36EE"};
const char* const crls[] = {"TrustAnchorRootCRL", "nameConstraintsURI2CACRL"};
// Name constraints on uniformResourceIdentifiers are not supported.
- ASSERT_FALSE(this->Verify(certs, crls, {}));
+ PkitsTestInfo info;
+ info.should_validate = false;
+
+ this->RunTest(certs, crls, info);
}
INSTANTIATE_TYPED_TEST_CASE_P(PathBuilder,
« no previous file with comments | « net/cert/internal/nist_pkits_unittest.cc ('k') | net/cert/internal/verify_certificate_chain_pkits_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698